Ca: RBC client sees others’ private data online

Posted on by Dissent

An alert reader from north of the border sends in this one.

Ellen Roseman reports:

Ava Wong had her identity stolen in 2008. She spent the next year trying to get her financial life in order again.

So, she was upset to log into her RBC banking account last month and find someone else’s confidential information there.

“On Nov. 27, I discovered that all the line of credit statements belonging to a couple in Saskatoon had been linked to my client profile,” she said.

“I was able to see every statement belonging to their RBC Homeline Plan, starting from July 2007, when they first opened the account.”

She reported the incident to a senior account manager that day. On Nov. 30, she followed up to say she could still see the information.

[…]

Matt Gierasimczuk, an RBC spokesman, quickly responded to my inquiries. He set up a conference call with Jeff Green, RBC’s chief privacy officer and vice-president of global compliance.

Green said a processing error, involving an automated systems fix, had led to a privacy breach that affected four clients in total. He was made aware of the problem when it was reported to the customer care centre.

RBC notified the clients whose information was disclosed in error, he said, adding that Wong’s data was not seen by another client.

Companies aren’t required to report privacy incidents to the affected people or to the Office of the Privacy Commissioner of Canada (OPC).

Read more on Moneyville.ca.

This is not RBC’s first glitch of this kind (and it’s certainly not the first time we’ve all seen an exposure breach due to an upgrade or systems fix).

Back in October 2009, the media also reported another case of RBC customers being able to view others’ transactions.

As always, entities need to ensure that the customer’s first contact about a breach gets prioritized and directed to the right people who will promptly handle it.  When customers feel that their security/privacy concerns are not being dealt with promptly and with appropriate regard for the seriousness of the issue, the entity loses the customer’s trust.

Category: Breach IncidentsExposureFinancial SectorNon-U.S.